Securing PHP



losse
04-24-2006, 08:47 PM
Hi there
How does one realize if a PHP script is secure or not? Most of the scripts I've written have been by taking bits and pieces from here and there and then adjusting them according to the project specs...

But how do I know if it's secure against someone hacking into the database and seeing info they are not supposed to see?

Are there general security bits out there? What sort of things are the most vulnerable and how can one prevent that?

Thanks

cdwhalley.com
04-24-2006, 08:50 PM
Try having a look in here -> http://www.php.net/manual/en/security.php


Generally, all the vulnerability comes from accepting input from users - either in the URL or in a form, and then not checking it hasn't got SQL or <SCRIPT> tags in it...

fci
04-24-2006, 09:12 PM
I'd say the major ones related to not sanitizing input are SQL injection, HTTP splitting and XSS. I was going to make a thread about security (maybe someone else can, I've been busy) to show the common vulnerabilities and how to fix them.
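
Added example (not part of any post in this thread): the three input-handling problems named above, each with the check that closes it. The table, column and function names are hypothetical, the hostile input strings are constructed, and the script assumes the pdo_sqlite extension so it can run without a real database.

```php
<?php
declare(strict_types=1);
// Added example: table, column and function names are hypothetical.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT, secret TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'a-secret'), ('bob', 'b-secret')");

// Constructed hostile input, as it might arrive in $_GET['name'].
$name = "nobody' OR '1'='1";

// Vulnerable: input is concatenated into the SQL text, so the quote
// ends the string literal and the rest is parsed as SQL.
function findUnsafe(PDO $db, string $name): array {
    return $db->query("SELECT name, secret FROM users WHERE name = '$name'")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the value is bound as a parameter and never parsed as SQL.
function findSafe(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT name, secret FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// XSS: encode on output for the HTML context instead of hunting for tags.
function html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// HTTP splitting: refuse CR/LF/NUL in anything placed in a response header.
function headerValue(string $s): string {
    if (preg_match('/[\r\n\0]/', $s)) {
        throw new InvalidArgumentException('CR/LF/NUL in header value');
    }
    return $s;
}

printf("unsafe query rows: %d\n", count(findUnsafe($db, $name)));
printf("safe query rows:   %d\n", count(findSafe($db, $name)));
echo html('<SCRIPT>alert(1)</SCRIPT>'), "\n";
try {
    headerValue("/home\r\nSet-Cookie: x=1");
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Run it with the PHP command-line interpreter; the unsafe lookup returns every row for a name that matches nobody, while the bound-parameter version returns none.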

nkline
04-24-2006, 09:18 PM
Being somewhat of a newbie to PHP, I'd LOVE to see a thread dedicated to PHP security.

*Nick*


